Malware suite disables safe-mode & MBAM


1 reply to this topic

#1 T_Harvey

Posted 03 February 2010 - 02:37 PM

I was recently called to help a friend with a spyware attack. The visible threat was a version of the Internet Security Suite 2010.

Safe Mode was disabled, Task Manager was disabled, the installed AV/Firewall/Spyware product was "running" but had obviously been compromised (Trend Micro Internet Security Suite).

MBAM was having trouble getting installed, even after renaming the file (I see now that your site has added an "mbam.exe" download). I had previously found a link to your ComboFix app, and had downloaded it (I see now that you guys have added a lot of warnings about using it). I ran ComboFix and it worked superbly (Thanks!). And I will be getting MBAM running on it to double-check the cleaning process, as ComboFix reported rootkit issues.

Upon returning to your site I now see all the warnings about using ComboFix. I'll certainly be a lot more circumspect about using it in the future. But after all that I have a few questions.

1. What issues are you seeing as a result of ComboFix being run on Windows XP systems?
2. Is Vista more temperamental than XP for a ComboFix attempt?
3. If the threat worked-around the installed Trend Micro Internet Security Suite in the first place, is that software any good now, post-infection? Or does it have to be replaced/re-installed to have any chance of being effective again?
4. Are you seeing any problems with AVG 9.0 / ZoneAlarm/ Ad-Aware/ MBAM (free)?
5. Do you recommend doubling/tripling-up anti-spyware installs? I'm leaning towards Ad-Aware/Spybot as they are familiar. But if you're seeing them fail regularly, then I can sure investigate other packages.
6. I see you recommend SuperAntiSpyware a lot, is there an AV/Firewall package it works well/preferably with?
7. Are there packages you recommend against?
8. Do you feel a delete-all-partitions and completely re-install Windows approach fully removes rootkit infections, or is it possible for a rootkit to make it through that process?

I'll continue to read through the various forums and guides on your site, I just thought I'd see if there was a consensus about preferred tools.

#2 T_Harvey

Posted 03 February 2010 - 02:42 PM

Forgot to ask: Are you seeing any issues with using USB drives to install the fix-it tools? Can the USB drive be compromised itself?

I used to burn CDs of the tools, figuring it was a safe method to use to install the tools, but with the updates coming so fast, I was going CDs like mad, and the USB drive is so dang handy...
